release: Checksum mismatch in `guix-codesign` log #35104

issue hebasto opened this issue on April 18, 2026
  1. hebasto commented at 10:27 AM on April 18, 2026: member

    When codesigning Windows binaries for 31.0, guix-codesign logs multiple checksum mismatches:

    $ env HOSTS=x86_64-w64-mingw32 ./contrib/guix/guix-codesign
Checking that we can connect to the guix-daemon...

Hint: If this hangs, you may want to try turning your guix-daemon off and on
      again.

INFO: Codesigning 31.0 for platform triple x86_64-w64-mingw32:
      ...using reference timestamp: 1776286524
      ...from worktree directory: '/home/hebasto/dev/bitcoin'
          ...bind-mounted in container to: '/bitcoin'
      ...in build directory: '/home/hebasto/dev/bitcoin/guix-build-31.0/distsrc-31.0-x86_64-w64-mingw32-codesigned'
          ...bind-mounted in container to: '/distsrc-base/distsrc-31.0-x86_64-w64-mingw32-codesigned'
      ...outputting in: '/home/hebasto/dev/bitcoin/guix-build-31.0/output/x86_64-w64-mingw32-codesigned'
          ...bind-mounted in container to: '/outdir-base/x86_64-w64-mingw32-codesigned'
      ...using detached signatures in: '/home/hebasto/dev/bitcoin-detached-sigs'
          ...bind-mounted in container to: '/detached-sigs'
Required environment variables as seen inside the container:
    CODESIGNING_TARBALL: /outdir-base/x86_64-w64-mingw32/bitcoin-31.0-win64-codesigning.tar.gz
    DETACHED_SIGS_REPO: /detached-sigs
    DIST_ARCHIVE_BASE: /outdir-base/dist-archive
    DISTNAME: bitcoin-31.0
    HOST: x86_64-w64-mingw32
    SOURCE_DATE_EPOCH: 1776286524
    DISTSRC: /distsrc-base/distsrc-31.0-x86_64-w64-mingw32-codesigned
    OUTDIR: /outdir-base/x86_64-w64-mingw32-codesigned
Current PE checksum   : 00246273
Calculated PE checksum: 00242F33    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 501BE0BC17709144CC26D96ACBA2459B4FBDB6983460A34AAC7F4926F3513F64 
Calculated message digest : 501BE0BC17709144CC26D96ACBA2459B4FBDB6983460A34AAC7F4926F3513F64 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: 5A01B0D442E6000453C636B6FC28D49383E5F9FC1EA6E7846245D11AB83D6A99 
	Signing time: Apr 16 03:00:09 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:12 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 02A3A990
Calculated PE checksum: 02A387AC    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : CB9D34FE36D2E445ACF74A074B8E0312BA04842E40124FA34F7102A5D8D8419D 
Calculated message digest : CB9D34FE36D2E445ACF74A074B8E0312BA04842E40124FA34F7102A5D8D8419D 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: FDA4031960374756F704E774BC5D7F7FDD90D4BAFA9D6F0F82598FFEFB0942FB 
	Signing time: Apr 16 02:59:54 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 02:59:54 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 0044D310
Calculated PE checksum: 00440810    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 6728494BA0BE753939E9DB4FF294868DB3346FF142C3A7568DB6E21C4A263E1B 
Calculated message digest : 6728494BA0BE753939E9DB4FF294868DB3346FF142C3A7568DB6E21C4A263E1B 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: BDA8B1993CD7F4FAE0448BAEE42498C2C6C5EC71B74C5946FB332B88CB414412 
	Signing time: Apr 16 03:00:07 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:09 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 003E71D1
Calculated PE checksum: 003E3E66    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 620DC0DAC7EA80296C0E520C96E23921FD88972DFE213D27330072596E10B336 
Calculated message digest : 620DC0DAC7EA80296C0E520C96E23921FD88972DFE213D27330072596E10B336 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: 2110D0C40A8545C4B517D582010860FE15019C980AF9473D43B083BC842F8CA7 
	Signing time: Apr 16 03:00:13 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:15 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 008611AF
Calculated PE checksum: 008572A6    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 1B856F95F21FE19C91F58282D068AE06B382E03182C64EE613C9E0ACBE041044 
Calculated message digest : 1B856F95F21FE19C91F58282D068AE06B382E03182C64EE613C9E0ACBE041044 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: AA6570267072FAAF401F4B33CA3E77918563F49D3034B38D716C5E3EEA7547C6 
	Signing time: Apr 16 02:59:56 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:03 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 001A89B4
Calculated PE checksum: 0019B03A    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : E737A7EB28671062E5A8CAF496B4B8115DBF0C983B6C95A5B9B0E17015A707F2 
Calculated message digest : E737A7EB28671062E5A8CAF496B4B8115DBF0C983B6C95A5B9B0E17015A707F2 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: 3011C6F89653AE6CA415B7B0F452CF8E7E7250C7341DE34B492EC4EED808F7B5 
	Signing time: Apr 16 02:59:55 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 02:59:56 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 01014B21
Calculated PE checksum: 01011561    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : B0A6A4E0F796575E34CF699CEBD34A8B3C0A78854E8564704A27D42FDECDDA93 
Calculated message digest : B0A6A4E0F796575E34CF699CEBD34A8B3C0A78854E8564704A27D42FDECDDA93 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: FE8DB2E16CC40204F6B5812CC28B53419E6471FCDFC686CD4D69BD7EC1741D2E 
	Signing time: Apr 16 03:00:03 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:07 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 01CAEDFC
Calculated PE checksum: 01CACBAB    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 93640372442336CB886ABAE105F665C6B68BE7B3E7316E40C8F3952451747528 
Calculated message digest : 93640372442336CB886ABAE105F665C6B68BE7B3E7316E40C8F3952451747528 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: 4ED0952638C630C0F37646567BDB1EAA5F0C04BBCFB7E52ED40AA364E1C76582 
	Signing time: Apr 16 03:00:15 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 03:00:18 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
Current PE checksum   : 0256CF84
Calculated PE checksum: 02567CD7    MISMATCH!!!

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 9F60B30B53352E6BD98E136DF52B611AF0ECF48252D3D71E1F36C7BD0828BD7D 
Calculated message digest : 9F60B30B53352E6BD98E136DF52B611AF0ECF48252D3D71E1F36C7BD0828BD7D 

Signer's certificate:
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT

Number of certificates: 6
	Signer [#0](/bitcoin-bitcoin/0/):
		Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 059B1B579E8E2132E23907BDA777755C
		Certificate expiration date:
			notBefore : Aug  1 12:00:00 2013 GMT
			notAfter : Jan 15 12:00:00 2038 GMT
	------------------
	Signer [#1](/bitcoin-bitcoin/1/):
		Subject: /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
		Serial : 08AD40B260D29C4C9F5ECDA9BD93AED9
		Certificate expiration date:
			notBefore : Apr 29 00:00:00 2021 GMT
			notAfter : Apr 28 23:59:59 2036 GMT
	------------------
	Signer [#2](/bitcoin-bitcoin/2/):
		Subject: /C=US/ST=Delaware/L=Lewes/O=Bitcoin Core Code Signing LLC/CN=Bitcoin Core Code Signing LLC
		Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
		Serial : 073478E89DB2AB783EF8D6D04BF04154
		Certificate expiration date:
			notBefore : May 22 00:00:00 2024 GMT
			notAfter : May 31 23:59:59 2027 GMT
	------------------
	Signer [#3](/bitcoin-bitcoin/3/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Issuer : /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
		Serial : 36C2B0BD7C1B3AE7A3B3DD36CBC97568
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Jan 18 23:59:59 2038 GMT
	------------------
	Signer [#4](/bitcoin-bitcoin/4/):
		Subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping Root R46
		Serial : 7A23AEDA5369960F91C83E5CF4C7E33F
		Certificate expiration date:
			notBefore : Mar 22 00:00:00 2021 GMT
			notAfter : Mar 21 23:59:59 2036 GMT
	------------------
	Signer [#5](/bitcoin-bitcoin/5/):
		Subject: /C=GB/ST=West Yorkshire/O=Sectigo Limited/CN=Sectigo Public Time Stamping Signer R36
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724
		Certificate expiration date:
			notBefore : Mar 27 00:00:00 2025 GMT
			notAfter : Mar 21 23:59:59 2036 GMT

Authenticated attributes:
	Message digest algorithm: SHA256
	Message digest: 23D3960F6C9B5EFB338F033E0A2B16399D16A5F143AB5C2CDB64F08E9A4CD810 
	Signing time: Apr 16 02:59:53 2026 GMT
	Microsoft Individual Code Signing purpose

The signature is timestamped: Apr 16 02:59:54 2026 GMT
Hash Algorithm: sha384
Timestamp Verified by:
		Issuer : /C=GB/O=Sectigo Limited/CN=Sectigo Public Time Stamping CA R36
		Serial : A4293B6E1EDDD7A7340887AD7A4EB724

CAfile: /home/hebasto/.guix-profile/etc/ssl/certs/ca-certificates.crt
CRL distribution point: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Use the "-TSA-CAfile" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.
Timestamp Server Signature verification: failed
Signature verification: ok

Number of verified signatures: 1
Signature successfully attached
Succeeded
  adding: bitcoin-31.0/ (stored 0%)
  adding: bitcoin-31.0/bin/ (stored 0%)
  adding: bitcoin-31.0/bin/bitcoin-cli.exe (deflated 60%)
  adding: bitcoin-31.0/bin/bitcoin-qt.exe (deflated 51%)
  adding: bitcoin-31.0/bin/bitcoin-tx.exe (deflated 43%)
  adding: bitcoin-31.0/bin/bitcoin-util.exe (deflated 42%)
  adding: bitcoin-31.0/bin/bitcoin-wallet.exe (deflated 49%)
  adding: bitcoin-31.0/bin/bitcoin.exe (deflated 61%)
  adding: bitcoin-31.0/bin/bitcoind.exe (deflated 48%)
  adding: bitcoin-31.0/bitcoin.conf (deflated 64%)
  adding: bitcoin-31.0/libexec/ (stored 0%)
  adding: bitcoin-31.0/libexec/test_bitcoin.exe (deflated 55%)
  adding: bitcoin-31.0/readme.txt (deflated 43%)
  adding: bitcoin-31.0/share/ (stored 0%)
  adding: bitcoin-31.0/share/man/ (stored 0%)
  adding: bitcoin-31.0/share/man/man1/ (stored 0%)
  adding: bitcoin-31.0/share/man/man1/bitcoin-cli.1 (deflated 61%)
  adding: bitcoin-31.0/share/man/man1/bitcoin-qt.1 (deflated 65%)
  adding: bitcoin-31.0/share/man/man1/bitcoin-tx.1 (deflated 58%)
  adding: bitcoin-31.0/share/man/man1/bitcoin-util.1 (deflated 53%)
  adding: bitcoin-31.0/share/man/man1/bitcoin-wallet.1 (deflated 56%)
  adding: bitcoin-31.0/share/man/man1/bitcoin.1 (deflated 57%)
  adding: bitcoin-31.0/share/man/man1/bitcoind.1 (deflated 65%)
  adding: bitcoin-31.0/share/rpcauth/ (stored 0%)
  adding: bitcoin-31.0/share/rpcauth/README.md (deflated 42%)
  adding: bitcoin-31.0/share/rpcauth/rpcauth.py (deflated 55%)
  2. hebasto added the label Windows on Apr 18, 2026
  3. hebasto commented at 10:29 AM on April 18, 2026: member

    cc @achow101

  4. achow101 commented at 6:27 PM on April 18, 2026: member

    This is normal. I don't know what causes it.

  5. davidgumberg commented at 1:30 AM on April 22, 2026: contributor

    It seems this is maybe not a big deal: https://github.com/mtrojnar/osslsigncode/issues/245#issuecomment-1468508262 and not enforced by windows for most binaries: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#optional-header-windows-specific-fields-image-only and at the end osslsigncode leaves a correct checksum.

    It still seems worth investigating where the executable is modified without changing the checksum,

    <details> <summary>

    I used pefile to check if debug-split.sh or zipping are the issues....

    </summary>

    diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh
index 51354273ef..9a37848ddc 100755
--- a/contrib/guix/libexec/build.sh
+++ b/contrib/guix/libexec/build.sh
@@ -292,10 +292,29 @@ mkdir -p "$DISTSRC"
         case "$HOST" in
             *darwin*) ;;
             *)
+                echo "PE CHECKSUMS before debug split"
+                for f in $(find "${DISTNAME}/bin" "${DISTNAME}/libexec" -type f -name "*.exe"); do
+                    # This prints the Calculated Checksum
+                    CALCULATED=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).generate_checksum():08X}')" "$f")
+                    # This prints the Current Checksum stored in the header
+                    CURRENT=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).OPTIONAL_HEADER.CheckSum:08X}')" "$f")
+
+                    echo "$f -> Header: $CURRENT | Calculated: $CALCULATED"
+                done
                 # Split binaries from their debug symbols
                 {
                     find "${DISTNAME}/bin" "${DISTNAME}/libexec" -type f -executable -print0
                 } | xargs -0 -P"$JOBS" -I{} "${DISTSRC}/build/split-debug.sh" {} {} {}.dbg
+
+                echo "PE CHECKSUMS after debug split"
+                for f in $(find "${DISTNAME}/bin" "${DISTNAME}/libexec" -type f -name "*.exe"); do
+                    # This prints the Calculated Checksum
+                    CALCULATED=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).generate_checksum():08X}')" "$f")
+                    # This prints the Current Checksum stored in the header
+                    CURRENT=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).OPTIONAL_HEADER.CheckSum:08X}')" "$f")
+
+                    echo "$f -> Header: $CURRENT | Calculated: $CALCULATED"
+                done
                 ;;
         esac
 
@@ -317,6 +336,12 @@ mkdir -p "$DISTSRC"
 
         # Deterministically produce {non-,}debug binary tarballs ready
         # for release
+        echo "PE CHECKSUMS before zip"
+        for f in $(find "${DISTNAME}/bin" "${DISTNAME}/libexec" -type f -name "*.exe"); do
+            CALCULATED=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).generate_checksum():08X}')" "$f")
+            CURRENT=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).OPTIONAL_HEADER.CheckSum:08X}')" "$f")
+            echo "$f -> Header: $CURRENT | Calculated: $CALCULATED"
+        done
         case "$HOST" in
             *mingw*)
                 find "${DISTNAME}" -not -name "*.dbg" -print0 \
@@ -354,6 +379,16 @@ mkdir -p "$DISTSRC"
         esac
     )  # $DISTSRC/installed
 
+    echo "PE CHECKSUMS after unzip"
+    tmpdir=$(mktemp -d)
+    unzip -q "${OUTDIR}/${DISTNAME}-${HOST//x86_64-w64-mingw32/win64}-unsigned.zip" -d "$tmpdir"
+    for f in $(find "$tmpdir" -type f -name "*.exe"); do
+        CALCULATED=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).generate_checksum():08X}')" "$f")
+        CURRENT=$(python3 -c "import pefile, sys; print(f'{pefile.PE(sys.argv[1]).OPTIONAL_HEADER.CheckSum:08X}')" "$f")
+        echo "$f -> Header: $CURRENT | Calculated: $CALCULATED"
+    done
+    rm -rf "$tmpdir"
+
     # Finally make tarballs for codesigning
     case "$HOST" in
         *mingw*)
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 4fd901e57a..b91dd8362a 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -17,7 +17,7 @@
              ((gnu packages python) #:select (python-minimal))
              ((gnu packages python-build) #:select (python-poetry-core))
              ((gnu packages python-crypto) #:select (python-asn1crypto python-oscrypto))
-             ((gnu packages python-xyz) #:select (python-lief))
+             ((gnu packages python-xyz) #:select (python-lief python-pefile))
              ((gnu packages tls) #:select (openssl))
              ((gnu packages version-control) #:select (git-minimal))
              (guix build-system python)
@@ -414,6 +414,7 @@ inspecting signatures in Mach-O binaries.")
         ;; Compression and archiving
         tar
         gzip
+        unzip
         xz
         ;; Build tools
         gcc-toolchain-14
@@ -425,7 +426,8 @@ inspecting signatures in Mach-O binaries.")
         ;; Git
         git-minimal
         ;; Tests
-        python-lief)
+        python-lief
+        python-pefile)
   (let ((target (getenv "HOST")))
     (cond ((string-suffix? "-mingw32" target)
            (list zip

    </details>

    and it seems like the answer is no:

    PE CHECKSUMS before debug split
bitcoin-33ba66e6467f/bin/bitcoin-wallet.exe -> Header: 0C2F0029 | Calculated: 0C2F0029
bitcoin-33ba66e6467f/bin/bitcoin.exe -> Header: 011C13D7 | Calculated: 011C13D7
bitcoin-33ba66e6467f/bin/bitcoind.exe -> Header: 1BAC5EC5 | Calculated: 1BAC5EC5
bitcoin-33ba66e6467f/bin/bitcoin-cli.exe -> Header: 01C50347 | Calculated: 01C50347
bitcoin-33ba66e6467f/bin/bitcoin-tx.exe -> Header: 03CE4E96 | Calculated: 03CE4E96
bitcoin-33ba66e6467f/bin/bitcoin-util.exe -> Header: 03267B1F | Calculated: 03267B1F
bitcoin-33ba66e6467f/bin/bitcoin-qt.exe -> Header: 2468870D | Calculated: 2468870D
bitcoin-33ba66e6467f/libexec/test_bitcoin.exe -> Header: 38AD7299 | Calculated: 38AD7299
PE CHECKSUMS after debug split
bitcoin-33ba66e6467f/bin/bitcoin-wallet.exe -> Header: 0084B0D6 | Calculated: 0084B0D6
bitcoin-33ba66e6467f/bin/bitcoin.exe -> Header: 00198248 | Calculated: 00198248
bitcoin-33ba66e6467f/bin/bitcoind.exe -> Header: 00FE4BEA | Calculated: 00FE4BEA
bitcoin-33ba66e6467f/bin/bitcoin-cli.exe -> Header: 0024E9A8 | Calculated: 0024E9A8
bitcoin-33ba66e6467f/bin/bitcoin-tx.exe -> Header: 0044D026 | Calculated: 0044D026
bitcoin-33ba66e6467f/bin/bitcoin-util.exe -> Header: 003E8A00 | Calculated: 003E8A00
bitcoin-33ba66e6467f/bin/bitcoin-qt.exe -> Header: 02A06EBA | Calculated: 02A06EBA
bitcoin-33ba66e6467f/libexec/test_bitcoin.exe -> Header: 01CA9CE9 | Calculated: 01CA9CE9
PE CHECKSUMS right before zip
bitcoin-33ba66e6467f/bin/bitcoin-wallet.exe -> Header: 0084B0D6 | Calculated: 0084B0D6
bitcoin-33ba66e6467f/bin/bitcoin.exe -> Header: 00198248 | Calculated: 00198248
bitcoin-33ba66e6467f/bin/bitcoind.exe -> Header: 00FE4BEA | Calculated: 00FE4BEA
bitcoin-33ba66e6467f/bin/bitcoin-cli.exe -> Header: 0024E9A8 | Calculated: 0024E9A8
bitcoin-33ba66e6467f/bin/bitcoin-tx.exe -> Header: 0044D026 | Calculated: 0044D026
bitcoin-33ba66e6467f/bin/bitcoin-util.exe -> Header: 003E8A00 | Calculated: 003E8A00
bitcoin-33ba66e6467f/bin/bitcoin-qt.exe -> Header: 02A06EBA | Calculated: 02A06EBA
bitcoin-33ba66e6467f/libexec/test_bitcoin.exe -> Header: 01CA9CE9 | Calculated: 01CA9CE9
PE CHECKSUMS after unzip
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/libexec/test_bitcoin.exe -> Header: 01CA9CE9 | Calculated: 01CA9CE9
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoind.exe -> Header: 00FE4BEA | Calculated: 00FE4BEA
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin.exe -> Header: 00198248 | Calculated: 00198248
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin-wallet.exe -> Header: 0084B0D6 | Calculated: 0084B0D6
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin-util.exe -> Header: 003E8A00 | Calculated: 003E8A00
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin-tx.exe -> Header: 0044D026 | Calculated: 0044D026
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin-qt.exe -> Header: 02A06EBA | Calculated: 02A06EBA
/tmp/tmp.guk7aiT7Sx/bitcoin-33ba66e6467f/bin/bitcoin-cli.exe -> Header: 0024E9A8 | Calculated: 0024E9A8
  6. hebasto commented at 11:44 AM on April 22, 2026: member

    The relevant osslsigncode code was modified in https://github.com/mtrojnar/osslsigncode/pull/255 (available since version 2.6). However, our 31.x branch is still using osslsigncode 2.5.

    The master branch has already switched to osslsigncode 2.13.

    Can someone confirm that codesigning works as expected on the master branch?

  7. davidgumberg commented at 6:24 PM on April 22, 2026: contributor

    https://github.com/mtrojnar/osslsigncode/pull/255 does not seem to affect whether or not the PE checksum is recomputed after signing for us, it changes the error message when there is a mismatch and recomputes checksum when doing osslsigncode remove-signature

Contributors
hebastoachow101davidgumberg
Labels
Windows
Linked (view graph)
#1 JSON-RPC support for mobile devices ("ultra-lightweight" clients)#2 Long-term, safe, store-of-value#3 Encrypt wallet#4 Export/Import wallet in a human readable, future-proof format#5 Make the version number the protocol version and not the client version
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-15 03:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me